From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 19 Apr 2017 17:35:42 +0200
Subject: [refpolicy] [PATCH] xserver: fix iceauth_home_t file context creation
Message-ID: <1492616142.5407.1.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
This patch fixes the xserver module so that the hidden .ICEauthority file is created with the proper context (file transition). It also optimizes a similar interface used for xauth home files.
Signed-off-by: Guido Trentalancia
---
 policy/modules/services/xserver.if | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
--- refpolicy-2.20170204-orig/policy/modules/services/xserver.if 2017-01-29 18:47:23.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/services/xserver.if 2017-04-19 17:07:06.659759701 +0200
@@ -167,6 +167,8 @@ interface(`xserver_role',`
 relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
 relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
+ xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
+ xserver_read_xkb_libs($2)
 ')
@@ -561,13 +563,42 @@ interface(`xserver_domtrans_xauth',`
 ## Domain allowed access.
 ##
 ##
+##
+##
+## The name of the object being created.
+##
+##
 #
 interface(`xserver_user_home_dir_filetrans_user_xauth',`
 gen_require(`
 type xauth_home_t;
 ')
- userdom_user_home_dir_filetrans($1, xauth_home_t, file)
+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, $2)
+')
+
+#######################################
+##
+## Create a ICEauthority file in
+## the user home directory.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The name of the object being created.
+##
+##
+#
+interface(`xserver_user_home_dir_filetrans_user_iceauth',`
+ gen_require(`
+ type iceauth_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, $2)
 ')
 ########################################
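Review bot: The named transition added to `xserver_role` only takes effect when `$2` itself creates an entry called exactly `.ICEauthority` in the home directory, and the hunk does not show whether `$2` is also allowed to create and write `iceauth_home_t` files. The rest of `xserver_role` lies outside the hunk, so that allow rule should be confirmed; without it the create would presumably be denied rather than labelled correctly. A file written under a temporary or lock name and then renamed into place would not match the name, so the module's file-context entry for `.ICEauthority` (not visible here) still matters for relabelling. I would add a comment above the call, `# named transition: covers direct creation of .ICEauthority only, not temporary or lock names`.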
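Review bot: Both `xserver_user_home_dir_filetrans_user_xauth` and the new `xserver_user_home_dir_filetrans_user_iceauth` pass `$2` straight through, so a caller that omits the name presumably gets an unnamed transition covering every file it creates in the user home directory. A domain that calls both interfaces without a name would then carry two transitions for the same source, target and class pointing at different types, which is likely a build conflict and is not the intended labelling for credential files. The page has lost the param tags, so it is not visible whether the name is marked optional. The parameter comment should spell the contract out, e.g. `## The name of the object being created; if omitted, every file the domain creates in the user home directory gets this type.` The new summary would also read better as `## Create an .ICEauthority file in the user home directory with the iceauth_home_t type.`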